One-third of global respondents to a survey of IT security professionals believe their email is more vulnerable today than it was five years ago.
The finding has been reported by email security and archiving company Mimecast, in its new global research study: Mimecast Business Email Threat Report 2016, Email Security Uncovered. The survey of 600 IT security professionals, shows that while 64 percent regard email as a major cyber-security threat to their business (71 percent in South Africa), 65 percent (41) don’t feel fully equipped or up to date to reasonably defend against email-based attacks.
Email continues to be a critical technology in business and the threat of email hacks and data breaches loom large over IT security managers. Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining a company’s perceived level of preparedness against these threats and targeted email attacks.
Of the 600 surveyed, just 35 percent (59 percent in South Africa) feel confident about their level of preparedness against data breaches. Of the 65 percent (41) who don’t feel fully prepared against future potential attacks, nearly half (49%) experienced such attacks in the past, indicating that they don’t feel any more protected following an attack than they did prior.
This is also reflected in the few steps taken toward widespread email security. Although 83 percent (75 percent in South Africa) of all respondents highlight email as a common attack vector, one out of ten report not having any kind of email security training in place. Among the least-confident respondents, 23 percent attest to lacking any supplementary security measures.
“Our cyber-security is under attack and we depend on technology, and email in particular, in all aspects of business. So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular,” said Brandon Bekker, managing director, Mimecast South Africa. “As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action. Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”
Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents. Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security. However, of all IT security managers who were polled, only 15 percent (17 percent in South Africa) say their C-suite is extremely engaged in email security, while 44 percent (28) say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.
Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT security budgets toward email security. These IT security managers allocate 50 percent higher budgets to email security compared to managers who were less confident in their readiness. From these findings, the data points to allotting 10.4 percent of the total IT budget toward email security as the ideal intersection between email security confidence and spend.
Mimecast found that five distinct “personas” emerged among the respondents, and characterized them into a Cyber-Security Shiver Grid based on their levels of email security and perceptions of data breach confidence: the Vigilant (16 percent), Equipped Veterans (19 percent), Apprehensive (31 percent), Nervous (6 percent) and Battle-Scarred (28 percent). Altogether, a majority of the IT security managers – totaling 65 percent, comprising the apprehensive, nervous and battle-scarred respondents – feel unprepared to manage email-based attacks.
Other key findings of the survey include:
- The top 20 percent of organizations that feel most secure are 250 percent more likely to see email as their biggest vulnerability.
- Confident IT security managers are 2.7x more likely to have a C-suite that is extremely or very engaged in email security. They are also 1.6x more likely to see C-suite involvement in email security as extremely or very appropriate.
- The least confident IT security managers are more likely to be using Microsoft’s Exchange Mail Server 2010, which ended mainstream support in January 2015. The most confident managers are more likely to use the up-to-date Exchange Server 2013.
- 70 percent of IT professionals that have recently and directly experienced an email hack employ internal safeguards, such as data leak prevention or targeted threat protection.
- Apprehensive IT security professionals are more likely to be found in smaller (fewer than 500 employees) firms than larger ones (32 percent to 18 percent, respectively).
- Less than half (48 percent) of IT security managers in smaller firms feel confident and well-prepared for tackling email security threats, compared to larger companies.
Kenya tool to help companies prepare for emergencies
After its team members survived last week’s Nairobi terror attack, Ushahidi decided to release a new preparedness tool for free, writes its CEO, NAT MANNING
On Tuesday I woke up a bit before 7am in Berkeley, California where I live. I made some coffee and went over to my computer to start my work day. I checked my Slack and the news and quickly found out that there was an ongoing terrorist attack at 14 Riverside Complex in Nairobi, Kenya. The Ushahidi office is in Nairobi and about a third of our team is based there (the rest of us are spread across 10 other countries).
As I read the news, my heart plummeted, and I immediately asked the question, “is everyone on my team okay?”
Five years ago Al-Shabaab committed a similar attack at the Westgate Mall. We spent several tense hours figuring out if any of our team had been in the mall, and verifying that everyone was safe. We found out that one of our team member’s family was caught up in the attack. Luckily they made it out.
At Ushahidi we make software for crisis response, including tools to map disasters and election violence, and yet we felt helpless in the face of this attack. In the days following the Westgate attack, our team huddled and thought about what we could build that would help our team — and other teams — if we found ourselves in a similar situation to this attack again. We identified that when we first learned of the attack, nearly everyone at Ushahidi had spent that first precious few hours trying to answer the basic questions, “Is everyone okay?”, and if not, “Who needs help?”
People had ad-hoc used multiple channels such as WhatsApp, called, emailed, or texted. We had done this for each person at Ushahidi (their job), in our families, and important people in our community. Our process was unorganised, inefficient, repetitive, and frustrating.
And from this problem we created TenFour, a check in tool that makes it easier for teams to reach one another during times of crisis. It is a simple application that lets people send a message to their team via SMS, Slack, Voice, email, and in-app, and get a response. It also works for educational institutions, companies with distributed staff, as well as part of neighbourhood networks like neighbourhood watches.
This week when I woke up to the news of the attack at Riverside, I immediately opened up the TenFour app.
Click here to read how Nat quickly confirmed the safety of his team.
Kia multi-collision airbags
The world’s first multi-collision airbag system has been unveiled by Hyundai Motor Group subsidiary KIA Motors, with the aim of improving airbag performance in multi-collision accidents.
Multi-collision accidents are those in which the primary impact is followed by collisions with secondary objects, such as other vehicles, trees, or electrical posts, which occur in three out of every 10 accidents. Current airbag systems do not offer secondary protection when the initial impact is insufficient to cause them to deploy.
However, the multi-collision airbag system allows airbags to deploy effectively upon a secondary impact, by calibrating the status of the vehicle and the occupants.
The new technology detects occupants’ positions in the cabin following an initial collision. When occupants are forced into unusual positions, the effectiveness of existing safety technology may be compromised. Multi-collision airbag systems are designed to deploy even faster when initial safety systems may not be effective, providing additional safety when drivers and passengers are most vulnerable. By recalibrating the collision intensity required for deployment, the airbag system responds more promptly during the secondary impact, thereby improving the safety of multi-collision vehicle occupants.
“By improving airbag performance in multi-collision scenarios, we expect to significantly improve the safety of our drivers and passengers,” said Taesoo Chi, head of the Hyundai Motor Group’s Chassis Technology Centre. “We will continue our research on more diverse crash situations as part of our commitment to producing even safer vehicles that protect occupants and prevent injuries.”
According to statistics by the National Automotive Sampling System Crashworthiness Data System (NASS-CDS), an office of the National Highway Traffic Safety Administration (NHTSA) in USA, about 30% of 56,000 vehicle accidents from 2000 to 2012 in the North American region involved multi-collisions. The leading type of multi-collision accidents involved cars crossing over the centre line (30.8%), followed by collisions caused by a sudden stop at highway tollgates (13.5%), highway median strip collisions (8.0%), and sideswiping and collision with trees and electric poles (4.0%).
These multi-collision scenarios were analysed in multilateral ways to improve airbag performance and precision in secondary collisions. Once commercialised, the system will be implemented in future new KIA vehicles.